ocis-deployment/docker-compose.yml

version: '3.5'

services:
  ocis:
    image: owncloud/ocis
    expose: [ 9200, 9142 ]
    volumes:
      - type: bind
        source: ./mounts/config
        target: /etc/ocis
      - type: bind
        source: ./mounts/data
        target: /var/lib/ocis
    environment:
      OCIS_INSECURE: 'true'
      PROXY_HTTP_ADDR: 0.0.0.0:9200
      PROXY_TLS: false
      OCIS_URL: https://${PUBLIC_URL}

      # fulltext search
      SEARCH_EXTRACTOR_TYPE: tika
      SEARCH_EXTRACTOR_TIKA_TIKA_URL: http://search-engine:9998
      FRONTEND_FULL_TEXT_SEARCH_ENABLED: "true"

      # another obviously good choice for $MICRO_REGISTRY if mdns becomes
      # problematic is "etcd", by adding an etcd service and setting
      # $MICRO_REGISTRY_ADDRESS, $ETCD_USERNAME, and $ETCD_PASSWORD.
      # https://github.com/owncloud/ocis/blob/b0ac9840dff00a2527b2e8df86bebcd12632104c/ocis/README.md?plain=1#L18
      MICRO_REGISTRY: mdns
      # https://github.com/owncloud/ocis/blob/master/deployments/examples/ocis_wopi/docker-compose.yml#L67
      GATEWAY_GRPC_ADDR: 0.0.0.0:9142 # make the REVA gateway accessible to the app drivers
    networks:
      - web
      - internal
      - app-provider-net
    labels:
      traefik.http.routers.ocis.rule: Host(`${PUBLIC_URL}`)
      traefik.http.routers.ocis.service: ocis
      traefik.http.services.ocis.loadbalancer.server.port: 9200
      traefik.http.routers.ocis.tls: true
      traefik.http.routers.ocis.tls.certresolver: letsencrypt
      traefik.enable: true
    depends_on: [ search-engine ]
    restart: unless-stopped

  search-engine:
    image: apache/tika:latest-full
    networks: [ internal ]
    restart: always

  app-provider:
    image: owncloud/ocis
    networks: [ app-provider-net ]
    command: app-provider server
    environment:
      # use the internal service name of the gateway https://github.com/owncloud/ocis/blob/b0ac9840dff00a2527b2e8df86bebcd12632104c/deployments/examples/ocis_wopi/docker-compose.yml#L109-L110C37
      REVA_GATEWAY: com.owncloud.api.gateway
      APP_PROVIDER_GRPC_ADDR: 0.0.0.0:9164
      # use the internal service name
      APP_PROVIDER_EXTERNAL_ADDR: com.owncloud.api.app-provider-collabora
      APP_PROVIDER_DRIVER: wopi
      APP_PROVIDER_WOPI_APP_NAME: Collabora
      APP_PROVIDER_WOPI_APP_ICON_URI: https://office.${PUBLIC_URL}/favicon.ico
      APP_PROVIDER_WOPI_APP_URL: https://office.${PUBLIC_URL}
      APP_PROVIDER_WOPI_WOPI_SERVER_EXTERNAL_URL: https://wopi.${PUBLIC_URL}
      APP_PROVIDER_WOPI_FOLDER_URL_BASE_URL: https://${PUBLIC_URL}
      # share the registry with the ocis container
      MICRO_REGISTRY: "mdns"
    volumes:
      - type: bind
        source: ./mounts/config
        target: /etc/ocis
    restart: unless-stopped
    depends_on: [ ocis ]
  
  wopiserver:
    image: cs3org/wopiserver
    networks:
      - web
      - app-provider-net
    environment:
      PUBLIC_URL: ${PUBLIC_URL}
    entrypoint:
      - /bin/sh
      - /entrypoint-override.sh
    volumes:
      - type: bind
        source: ./mounts/wopi/wopiserver.conf
        target: /etc/wopi/wopiserver.conf.dist
        read_only: true
      - type: bind
        source: ./mounts/wopi/entrypoint.sh
        target: /entrypoint-override.sh
        read_only: true
      - type: bind
        source: ./mounts/wopi/wopi.secret
        target: /etc/wopi/wopi.secret
        read_only: true
      - type: bind
        source: ./mounts/wopi/recovery
        target: /var/spool/wopirecovery
    labels:
      traefik.enable: true
      traefik.http.routers.wopiserver.entrypoints: websecure
      traefik.http.routers.wopiserver.rule: Host(`wopi.${PUBLIC_URL}`)
      traefik.http.routers.wopiserver.tls.certresolver: letsencrypt
      traefik.http.routers.wopiserver.service: wopiserver
      traefik.http.services.wopiserver.loadbalancer.server.port: 8880
    restart: unless-stopped
  
  collabora:
    image: collabora/code
    networks:
      - web
      - app-provider-net
    environment:
      aliasgroup1: https://wopi.${PUBLIC_URL}:443
      DONT_GEN_SSL_CERT: "YES"
      extra_params: --o:ssl.enable=false --o:ssl.termination=true --o:welcome.enable=false --o:net.frame_ancestors=${PUBLIC_URL}
      username: ${COLLABORA_ADMIN_USER}
      password: ${COLLABORA_ADMIN_PASSWORD}
    cap_add:
      - MKNOD
    labels:
      traefik.enable: true
      traefik.http.routers.collabora.entrypoints: websecure
      traefik.http.routers.collabora.rule: Host(`office.${PUBLIC_URL}`)
      traefik.http.routers.collabora.tls.certresolver: letsencrypt
      traefik.http.routers.collabora.service: collabora
      traefik.http.services.collabora.loadbalancer.server.port: 9980
    restart: unless-stopped

networks:
  web:
    external: true
  internal:
    internal: true
  # The app-provider needs to be able to reach out to the internet
  app-provider-net: